Overview

overview

10

Static

static

10

596ee59d7d...68.exe

windows7-x64

10

596ee59d7d...68.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 11:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    596ee59d7dbd0eaad9855eceeed9e1960db0d9ad8455950b02fb58d932322e68.exe

  • Size

    4.5MB

  • MD5

    6786c284ea3d1e6b89be12f630068a82

  • SHA1

    f526d2220589c134a3feb04f5a8bfc16ac613436

  • SHA256

    596ee59d7dbd0eaad9855eceeed9e1960db0d9ad8455950b02fb58d932322e68

  • SHA512

    17c478e87a4c6382b632f3328418f3883616cdb35f658a0f95b4584755adc49a5732c56ab362dc5869d3ac4f0a19d23214450baac834b6e8c0098752ec377151

  • SSDEEP

    98304:V7jXr3ay/mq1BjDtkQ079UKTzY32d6xayyNzped9HziQTQwFYT:V7j7ay+q1HKUKcZxayyGd9HFkvT

Score
10/10
metasploitbackdoortrojanupx

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.81.133:3333

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\596ee59d7dbd0eaad9855eceeed9e1960db0d9ad8455950b02fb58d932322e68.exe
    "C:\Users\Admin\AppData\Local\Temp\596ee59d7dbd0eaad9855eceeed9e1960db0d9ad8455950b02fb58d932322e68.exe"
    1⤵
      PID:4644

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4644-0-0x0000000000400000-0x0000000000491000-memory.dmp
      Filesize

      580KB

      Download
    • memory/4644-1-0x00000000005C0000-0x00000000005C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4644-2-0x0000000000400000-0x0000000000491000-memory.dmp
      Filesize

      580KB

      Download